In February 2012, the coalition government announced plans to require communications service providers (everyone from ISPs to social networks) to intercept and collect everybody’s communications data just in case it’s needed later in an investigation. Called by its new name, the Communications Capabilities Development Programme, this initiative seems set to be announced in the Queen’s Speech in May 2012 and to be incorporated into legislation.

Rumours that the Home Office wanted to implement a similar programme, then called the Interception Modernisation Programme, surfaced in 2008. In 2009 the Labour government released a consultation paper. In forming the coalition government in 2010, the Conservatives and Liberal Democrats (who in 2009 called IMP “incompatible with a free country”) promised “to end the storage of Internet and email records without good reason”. Now, less than two years later, they propose to adopt exactly the policy they opposed then by reinstating the Interception Modernisation Programme with only two changes: the name and the way the data is stored – decentralised storage by CSPs rather than a single, centralised database controlled by government. For this programme to go ahead, legislation is needed. Now is the time to stop it.

“a regime like this is surveillance – wiretapping – of the whole population by default”

The programme is framed as providing law enforcement with the same ability to track whom you are contacting on your computer or smartphone (over email, Skype, instant messaging, social networks) that they had with earlier forms of communications (checking your telephone bill). Until now, under EU data retention rules, ISPs had to keep records of when you went online and when you used the ISP’s email system. CCDP would require them also to collect third-party data transiting their networks which, until now, has seldom been monitored, let alone recorded for twelve months on the off-chance it will be useful. ISPs can do this, at a price, by installing “black boxes” on their networks that use a relatively new technology called deep packet inspection (DPI) that reconstructs the web pages you are viewing. A regime like this is surveillance – wiretapping – of the whole population by default without any court’s consideration of whether it is appropriate in a particular case.

The data to be intercepted and stored would include websites visited, the names of email, instant messaging correspondents, or lists of social networking “friends”, and the time, size, and length of Internet phone calls. While the content of messages is not supposed to be included, the 2009 LSE report (PDF) on the last set of proposals notes that the separation of communications data and content is no longer as straightforward as it was during the drafting of earlier laws, such as the Regulation of Investigatory Powers Act (2000) and the Anti-Terrorism, Crime and Security Act (2001). Today, in order to pick out communications data (the names of correspondents, dates, and times) from systems like Hotmail or Facebook, the “black boxes” will have to be passed the entirety of the page and trusted to ignore the rest of the content.

The price of deploying these systems will run into billions and the technical feasibility of operating at scale is uncertain. Lacking implementation details, it’s not clear what the technical burden on CSPs will be in today’s world of constantly changing and multiplying internet services or how distant companies offering services to UK consumers will be forced to comply. However, the increasing use of encryption will mean that much of the intercepted data is unreadable. In addition, the black box software will have to be updated almost daily as commonly used sites like Facebook or Gmail are tweaked and redesigned.

“the proposal is essentially to find more needles by building bigger haystacks”

It is not clear how useful the data will be in enhancing national security. The 2001 attacks on the World Trade Center and the Pentagon did not succeed because law enforcement was short of data. Rather, they succeeded because of a lack of intelligence – that is, the failure to connect the data the security services already had into a useful warning. Well over 99 percent of the data collected under CCDP will be irrelevant information about the activities of innocent people; the proposal is essentially to try to find more needles by building bigger haystacks.

Experience shows that surveillance technologies are subject to function creep. Once the system is in place, even if the original purpose is limited to the most serious crimes, demand to extend access to those investigating minor offences will grow. Data collection continues to expand: first came legal access to data collected in the ordinary course of business, then a requirement to retain that data, now the government is seeking access to third-party data. Under any reasonable understanding of human rights, interception and surveillance should be targeted at those suspected of crimes, not at the general population. Finally, the programme is likely to be extremely expensive. The Home Office officially estimated the cost of the original Interception Modernisation Programme at £2 billion over ten years, but the independent LSE study observed that off-the-record briefings of £12 billion were “quite realistic”. Even a scaled-down version would still be a substantial sum to be spending to gain uncertain benefits in a time of recession and austerity, and could be entirely wasted if relatively minor changes by webmail and social network providers make the whole system irrelevant overnight.

The recommendation to the European Parliament will be to reject ACTA. The rapporteur, David Martin, has today made an official announcment to that effect. The announcement moves ACTA fate one step closer to its coffin, but it would be foolish to think that its fate is finally sealed.

Mr Martin made the announcement at the conclusion of a conference organised by his party group – the Socialist group – today. In a press release issued after the conference, David Martin said:

Today’s conference has confirmed my suspicion that ACTA raises more fears than hopes. What it delivers in terms of important intellectual property rights is diminished by potential threats to civil liberties and internet freedom. When the European Parliament rejects ACTA, the Commission must work to find other ways to defend European intellectual property in the global marketplace’

If the European Parliament does reject ACTA – still an if at this stage – then it will effectively kill ACTA, certainly as far as Europe is concerned. David Martin’s announcement had the support of the president of the Socialist group in the European Parliament, Hannes Swoboda.

Mr Swoboda said that he will recommend that all group members should vote to reject ACTA, when the vote eventually comes to the plenary session.

However, there are a few more steps along the way. Mr Martin has yet to present his report, which will contain the recommendation. He is due to reveal it at a committee meeting in two week’s time.

As rapporteur, Mr Martin may not present his personal views, but must be sure to reflect the views of the whole Parliament. This may mean that he has to do some wheeling and dealing.

There are a number of Opinions being prepared which will input to Mr Martin’s report. We don’t know yet how those in the Parliament who oppose ACTA will react. Once all of the views are compiled into Mr Martin’s report, it will be voted by the committee and then by the plenary. So you can see, there are a few more hurdles.

David Martin is a British Labour MEP, and a canny Scot. It will be interesting to see whether Mr Martin gets any visits from his home government, which, via the regulator (the industry-cuddly Ofcom) is trying to push forward the very measures that ACTA could support.

And as I have said in my other article today, killing ACTA does not mean the end of Internet copyright enforcement measures being imposed by the back-door. There are other back-doors which will be used, such as the G8.America ups the ante on ACTA – via the G8

You may re-publish my article under a Creative Commons licence, but you should cite my name and provide a link back to iptegrity.com. Media and Academics – please cite as Monica Horten,It’s official: European Parliament told ‘Say no to ACTA’, http://www.iptegrity.com 12 April 2012 . Commercial users

The US government is not happy about ACTA, and is already taking steps to introduce what it really wants by another back door. In a document leaked today by the European Digital Rights group (EDRi), a new plan for intellectual property enforcement is revealed. Where ACTA was vague, the new plan is explicit.

The new G8 plan for IP enforcement includes the extended shopping list of Internet blocking measures, via payment providers, advertisers and search engines as well as individual websites. According to EDRi, the proposal may have been prepared by law enforcement working groups.

Interestingly, the G8 proposal introduces some new language. It never mentions the Internet. Instead it talks about ‘voluntary best practices’ and ‘protecting the global supply chain’. Its overt focus is on counterfeit medicines and online pharmacies. But the generality of the language implies a wider application.

The G8 enforcement proposal appears in a plain paper document headed ‘Non-paper on Intellectual property rights protection’. It has three sub-headings, which include ‘G8 inititiative to support voluntary best practices for securing global supply chains’. The components of the supply chains are named as ‘shippers, payment processors, ad brokers, advertisers, and similar stakeholders’.

Note the deliberate avoidance of the word ‘Internet service provider’. However, in the world of e-commerce, the ISP is implied.

It’s also notable that the proposed G8 IP enforcement measures mirror those in the Stop Online Piracy Act (SOPA) and Protect IP ACT. The language of ‘voluntary best practice’ has also been taken from United States government policy documents. It is certainly quite unlike any language so far seen in European Union policy documents.

Behind the G8 proposal lies a concern among ACTA’s proponents – the US and its industries – that ACTA may be stalled in the EU and that without EU support it will be of less use.

Thus, it can be inferred that this new G8 proposal has its origins within the United States government, and that the G8 is a funnel to impose American policies, notably that SOPA and PIPA measures – onto the rest of the world (as noted also by EDRi). And they are using a very wide open back door.

It is a signal that that the fall of ACTA (if it happens) will not be the end of the entertainment industries’ attack on the Internet. No, instead it will bring on the next stage of their campaign for even more stringent measures.

The British media has been excitedly reporting today that the government intends to bring in a ‘snoopers charter’ with ‘social network surveillance’. According to these media reports, based on leaked information from an unnamed source, the government will allow the secret services and police access to monitor our phone, email and web communications. It’s being positioned as some kind of master cyber-spy plan.

There is no public detail of the plan itself. However, it has been known for some time that the government is working on something called the Communications Capabilities Development programme (CCDP). Given what is known about this progamme, I think that the British government is proposing an extension of the data retention rules which the British Presidency pushed through the EU in 2006. The question therefore arises – what will the European Union do about it?

The policy concerned relates to communications traffic data retention. This is the storage of data related to the time, date and sender/recipient (caller/called party) of messages, to be stored by the network providers, in case of a requirement for access by law enforcement and other specified public authorities.

EU law requires the data to be available for purposes of dealing with serious crimes. In the UK, there is a problem with the implementation because the list of those who may acces the data is very long, and includes local councils who have used it for trivial purposes, such as dealing with people who fail to scoop up after their dogs in public parks.

The existing law is limited to fixed ISPs (for email) and specifically excludes web traffic data. That is, it does not require the storage of your web surfing. It was done at a time before Facebook and social media messaging was important.

From what can be ascertained, the new British proposal known as the Communications Capabilities Development programme wants to extend the law to include precisely those things – social media messaging and web surfing. It may also permit greater access to the data by the security services, although that is unclear.

It is being said that there will be will be a new law in the Queen’s speech which is due in May. If so, it raises two important questions.

For a law to be in the Queen’s speech, it must be ready to go through Parliament, which means that they must have been working on it for at least a year.

And, if it is at that stage, details of the proposal will have been communicated to the European Commission, at least informally.

The Commission is about to launch a review of the data retention rules for the entire EU, under Justice Commissioner Viviane Reding. This new British law, if it is really ready to go, will have implications for the European one, and could pre-empt decisions in Europe or force the Commission’s hand. Some countries, like Germany, do not want data retention at all, and it will provoke a political conflict.

So what do you say, Mrs Reding?

—

If you want to check the British media, here are a couple of examples:

As Victoria A. Espinel, the White House co-ordinator on copyright enforcement prepares to speak in the European Parliament next week, we learn of new powers being sought by the US government to impose IPR rules on other countries, including the EU.The Stop Online Piracy Act (also sometimes referred to as E-parasite) in the US congress seeks to impose the most draconian measures against Internet users and websites. But from an EU perspective, it contains a poison pill. American academics and NGOs who have studied are warning that it contains dangerous provisions which would empower US Embassies to force other countries to adopt the same anti-Internet measures.

The Stop Online Piracy Act ( SOPA – also sometimes referred to as E-parasite) is a twin to the Protect-IP Act in the US Senate. American academics are saying that SOPA will create a firewall of Internet censorship.

SOPA contains measures against search engines and linking sites, and indeed it would appear, against any site which is deemed to be “dedicated to infringing activities.”

SOPA also contains provisions whereby the US government can check out websites for possible infringing content, and if the website tries to stop them, it may be sanctioned.

Section 205 of Stop Online Piracy Act is called: Defending Intellectual Property Rights Abroad. Section 205 would build on the existing Special 301 process but will take it much further. It provides for “aggressive support for enforcement action against violations of the intellectual property rights of United States persons”. And it specifically mandates US embassies to ‘enable’ foreign governments to comply with international obligations regarding IP rights. A new role of IP attache will be created in order to facilitate this. This role will be to work with United States holders of intellectual property rights and industry to address intellectual property rights violations in the countries where the attachés are assigned.

US Embassies currently put pressure on other governments using the Special 301 powers. Exactly how they do so has been revealed in various leaked diplomatic cables published by Wikileaks.

The EU should take this threat very seriously. SOPA could mean that US Embassiess will try to forces changes in EU and Member State law which would contravene to the acquis and indeed are contrary to the balance of rights which we have established in Europe.

a. aggressive support for enforcement action against violations of the intellectual property rights of United States persons in such country;

b. cooperation with and support for the host government’s efforts to conform its applicable laws, regulations, practices, and processes to enable the host government to honor its international and bilateral obligations with respect to the protection of intellectual property rights;

c. consistency with the policy and country-specific priorities set forth in the most recent report of USTR under such section 182(a)(1); and

d. support for holders of United States intellectual property rights and industries whose access to foreign markets is improperly restricted by intellectual property related issues.

You may re-publish my article under a Creative Commons licence, but you should cite my name and provide a link back to iptegrity.com. Media and Academics – please cite as Monica Horten,America ups the ante on ACTA – via the G8, http://www.iptegrity.com 12 April 2012 . Commercial users – please contact me.

The CleanIT Project
The Clean IT project is carried out with the financial support from the Prevention of and Fight against Crime Programme of the European Union, European Commission – Directorate-General Justice, Freedom and Security.

Over the last few months – as Peru helped guide the United Nations climate negotiations – five separate oil spills along a main oil pipeline through the Amazon have spewed thick black clots of crude across jungle and swamp and carpeted local fishing lagoons with dead fish.

Earlier this month, the world's eyes were on Lima as 196 nations debated what to do about climate change at the UN COP20 climate summit. While world leaders debated, negotiated, signed and didn't sign agreements, Amazon Watch and our allies sounded the alarm on the critical importance of the Amazon rainforest and indigenous ancestral territories in […]

This month's hearing before Canada's Supreme Court was Chevron's last appeal to try to stop a full enforcement trial. Chevron audaciously asked the court to ignore all precedent, and to change the law just for them.